The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group.

I’ve always wondered what it would be like, but I’ve also heard so many creepy stories about it I just don’t want someone hacking my bank because I’m an idiot. So I stay away from it. I wish I was more tech savy.

@emberwit@feddit.de
link
fedilink
English
191Y

Are you confusing Tor and something like deep/dark web? Because Tor itself is just a webbrowser, it’s basically a Firefox with some modifications for stricter privacy.

raccoona_nongrata
link
fedilink
English
31Y

deleted by creator

There’s a TOR browser, but calling tor “just a browser” is really odd and not really correct. The TOR project is the routing protocol that bounces your traffic around. You can do so through the TOR browser, but the browser isn’t TOR. It also isn’t the only way to use TOR.

Also, while HTTPS is close to universal now, it’s still possible to use HTTP and theoretically a malicious exit node could modify any unencrypted traffic.

@emberwit@feddit.de
link
fedilink
English
31Y

Thank you for clarification! Of course I meant the TOR browser client itself, should have been more precise.

Possibly, I know Tor is a browser but because it can be used to access deep/dark web I don’t trust myself with it. 100% out of acknowledged ignorance yes

I promise you that like 90% of the creepy stories you’ve heard are people either exaggerating or just straight-up lying to sound cool on the internet. The kind of stuff that actually needs to operate over the TOR network doesn’t exactly want to be easily discoverable by normal people.

You’re no more likely to accidentally stumble across illegal / dangerous content while using TOR than you are while using any other browser.

Isn’t the problem was that back then everyone used to be a node (was it exit node?), but I heard today it’s not the case anymore so no one can actually link you to other bad things other people do.

To simply use TOR you do not need to run any kind of guard/middle/exit relay (this has always been the case), but yes there is the risk of being held accountable for other users data while hosting an exit relay.

This hasn’t gone away thanks to any legal precedent as far as I’m aware, so I imagine it all depends on the tech literacy of your local jurisdiction & how good of a lawyer you can afford.

Thanks for the correction.

Thanks for the advice! I’ll keep in mind.

brie
link
fedilink
91Y

As long as you stay off of any .onion sites, there won’t be any difference w.r.t. dark/deep web access. If a domain doesn’t end in .onion, then it can be accessed with a regular web browser anyway.

First Majestic Comet
link
fedilink
English
11Y

Hate to burst your bubble but many of the stories are just that, stories. Vast majority of the onion sites out there are either forums like 4chan or hobbyist sites like the old days of the internet.

Illegal websites do exist but they’re rare and hard to find, they also are subject to being taken down. They’re nothing like the stories though. In fact majority of the websites that exist when you search for these topics are just bitcoin scams, i.e. a livestream website that asks you to pay $200 in bitcoin to enter, almost certainly a scam because livestreaming over Tor is terrible due to low spead and it breaks the anonymity due to generating tons of unique traffic.

TL;DR Tor is a tool that can be used for privacy on the clearnet it can also be used to host your own onion sites. Dark web stories do have a small element of truth to them but are mostly scary stories to tell in the dark.

Why, no, thank you, I don’t have any appreciation for this bubble you are bursting. I figured some had to be just tales but it’s hard to know exactly how much of it is bs. So thanks.

Skull giver
link
fedilink
9
edit-2
1Y

[This comment has been deleted by an automated system]

Thanks for the info! I’ll save this comment for further study.

Someone correct me if I’m wrong.

Operating nodes is expensive, offers no reward, and comes with a serious legal risk.

This won’t stop the NSA from operating a few. I assume that a significant portion of Tor nodes is run by intelligence agencies. If they control all nodes used for a connection(i believe three are used), they can probably piece together what connections a user is having.

It is expensive. And yeah, it might get you into trouble in some places.

And yes, the glowies use it, but journalists and whistleblowers use it too.

I’m under the impression that my use will only make it slower for people who really need it.

There’s still plenty of bandwidth to go around: https://metrics.torproject.org/bandwidth.html

It will take some performance, but it’s also creating noise which is a good thing.

@Lexam@lemmy.ca
link
fedilink
English
91Y

But that’s part of its appeal. How else do I know I’m one of the cool kids?

People treat this as a suggestion. It’s actually a warning. A warning of what will happen if we overuse TOR.

It would help if Tor would be more useful for regular use. The few times I used it, it was for VPN-style geolocation circumvention. Tor supports it by changing ExitNodes, but the setting is hidden deep down in a config file and required a restart. Not exactly a great user experience for a setting that you might wanna flip pretty frequently.

It’s a hidden setting because it’s not recommended to change that setting for people who need anonymity.

This setting?

Actual legal risks and consequences don’t go away by applying wishful thinking.

Which are what

ɔiƚoxɘup
link
fedilink
61Y

To give you an idea, last time I used Tor, I suddenly started to get a bunch of connection attempts from the FBI. Was I doing anything illegal? Nope. Was TOR a legal liability? You betcha.

@xvlc@feddit.de
link
fedilink
English
291Y

Connection attempts from the FBI? Could you specify that a bit further?

ɔiƚoxɘup
link
fedilink
English
11Y

I was using peerblock and one of the blocklists contained known governmental IP addresses. Those blocked connections began quickly filling the logs.

Spooked the crap outta me. It’s been a few years since I did that, so I could have that detail wrong. I know it was for sure one of the three letter acronyms, DOD, FBI, CIA, but they were definitely incoming.

@xvlc@feddit.de
link
fedilink
English
11Y

That does not sound plausible to me. Typically, your own computer would be behind a router that is either doing NAT or has a firewall (probably the former). Any incoming traffic would be directed to the router without any chance of reaching your computer. Whatever you saw was either outgoing traffic or incoming traffic in response to connections initiated by your own computer.

ɔiƚoxɘup
link
fedilink
English
21Y

Consider this, the Tor software was accepting connections from government IPs.

Regardless of whether it was active intrusion or a significant portion of the Tor network, (at that time) had a number of governmental IP ranges in it, It’s enough to dissuade my use, at least without more significant OpSec.

I do understand your point though.

Eggyhead
link
fedilink
15
edit-2
1Y

I suddenly started to get a bunch of connection attempts from the FBI.

How can I observe connection attempts like this?

ɔiƚoxɘup
link
fedilink
11Y

I use peerblock and had some good blocklists set up. The hardest part should be finding peerblock or a more modern fork, the blocklists are mostly public. Helps keep from connecting to known bad actors.

Yeah, is this guy living in China?

I am not sure what he’s hinting at. Just using Tor doesn’t bear any legal risks. Hosting an exit node is different, as depending on the country you might get into serious trouble if certain traffic goes through it.

TWeaK
link
fedilink
English
111Y

Yes exactly, and I think there have been stories recently where the exit node host has been held liable for content that’s gone through it.Which is complete bullshit, but the unfortunate reality is that the legal system doesn’t need to understand technology to regulate it.

@jarfil@beehaw.org
link
fedilink
English
4
edit-2
1Y

It’s not bullshit. If A has proof your system launched an attack, or sent CSAM, to another system, but your only defense is “I let anyone use my system in that way”, then at the very least you’re an accomplice.

TWeaK
link
fedilink
English
11Y

It is bullshit, because it puts the onus of policing everything on any service provider. If a TOR exit node provider is responsible for all traffic through their node, then an ISP is responsible for all traffic through them to their users - yet it is not reasonable for ISP’s to do this. Nor should it be acceptable by law and even less so if the purpose is for law enforcement to bypass the warrant system by having private parties do the investigation for them.

@jarfil@beehaw.org
link
fedilink
English
21Y

Well, the law enforcement ship has sailed a long time ago, it’s more of a flotilla by now. Data communication service providers (including ISPs) have some customer identification and data retention requirements in exchange for immunity from the data itself, but otherwise —reasonabke or not— there are more and more traffic policing laws that get introduced for ISPs to abide. By starting a Tor Exit node, you become a service provider, and the same laws start to apply.

It’s no joke that we live in a surveillance state, just that some go “full surveillance” like China, while others go “slightly less in-your-face surveillance” like the US/EU.

J Lou
link
fedilink
2
edit-2
1Y

Would it be possible to allow exit nodes to blacklist specific kinds of traffic and somehow privately verify that the traffic is not one of the blacklisted kinds (zero knowledge proof perhaps sorry not a CS person)?

@jarfil@beehaw.org
link
fedilink
2
edit-2
1Y

An exit node can put in place any filters, blacklists, mitm, exploit injection, logging, and anything else it wants… on unencrypted traffic. Using HTTPS through an exit node, limits all of that to the destination of the traffic, there is no way to get a ZK proof of all the kinds of possible traffic and contents that can exist.

J Lou
link
fedilink
2
edit-2
1Y

What I meant was blacklisting certain destinations. It obviously wouldn’t prevent all malicious traffic

baltakatei
link
fedilink
121Y

I imagine more people would use Tor if they could get paid to provide bandwidth (like Orchid as described on FLOSS Weekly 633).

Why would I use it? I get that we need it for journalists and stuff but it’s mostly used by hackers

Skull giver
link
fedilink
6
edit-2
1Y

[This comment has been deleted by an automated system]

First Majestic Comet
link
fedilink
English
2
edit-2
1Y

Might also be a good idea to use something like Ublock origin and Portmaster as well, don’t just try to curate ad targeting, block them, if you want to still support websites you can use something like adnauseam which clicks the ads.

I’m not trying to say that Tor isn’t a good idea because they should be blocking ads, I think more people should absolutely use it for better anonymous browsing, I only bring up ad blockers because if people don’t want to be targeted ads they should be blocking them.

Bonus: Add anti-adblock filters to ad-block, it helps significantly with sites that try to detect them, also spam and malware filters are essential.

The idea is that if lots of people use it, then it’s not only for hakers

@emberwit@feddit.de
link
fedilink
English
7
edit-2
1Y

But what do people use it for? There is no point logging into your facebook and youtube accounts through Tor but thats what most people do on the web.

@wxboss@lemmy.sdf.org
link
fedilink
English
101Y

It’s for people who want to keep their network traffic private from say their ISP or other sniffers.

@emberwit@feddit.de
link
fedilink
English
91Y

Yep, and thats nothing the average user has any interest in.

You go first.

I don’t think I really have a reason to use it.

zeus ⁧ ⁧ ∽↯∼
link
fedilink
English
81Y

then try reading the article

@NaoPb@beehaw.org
link
fedilink
English
6
edit-2
1Y

I’d rather not waste my time reading an article about a program I’m not currently using to find out if I should use it our not. I’d rather see a post that has bulletpoints with pre’s and cons. My time is limited enough as it is.

[edit] I realise that my comment will probably come across as unfriendly so I will add some explaining to it.

I am currently in a western country using a fibre landline and I trust my internet provider to not intercept my data or use things like a man in the middle attack. Am I right for assuming that and if so, would tor prevent that? Will tor slow down my internet? I mostly watch youtube videos and read/post on lemmy/mastodon. I am not against using tor at all, but my energy and time are limited so I don’t feel like reading a whole article just for an app I do not feel the need to use. I am currently very happy with my firefox browser and all the add-ons I use. And with all the modifications I have put into it to make it work just the way I like. Would I loose all that by switching to tor? I am prepared to change to tor but I am not in the camp of “protect privacy at all costs, even if it greatly inconveniences me”. Especially if the risks of not using tor seem quite low in my situation.

zeus ⁧ ⁧ ∽↯∼
link
fedilink
English
71Y

okay. perhaps instead of wasting your time writing an entire paragraph, you should read the article and you’ll find out that that entire paragraph was irrelevant

it’s actually not an article about the pros and cons of tor. it could not be summed up in bullet points about the pros and cons of tor

i’ll admit to being a little facetious before, but i implore you to read articles before commenting on them

@NaoPb@beehaw.org
link
fedilink
English
31Y

Thing is… if I have to do that for every time someone linkdrops an article, I’ll have no time left in my day.

And it seems I was right that I have no real reason to use tor.

zeus ⁧ ⁧ ∽↯∼
link
fedilink
English
4
edit-2
1Y

Thing is… if I have to do that for every time someone linkdrops an article, I’ll have no time left in my day.

if you spent less time writing comments about articles you haven’t read, you might have more time. do you do this in other walks of life? wander into restaurants you’ve never eaten at and announce “i don’t think there’s really any reason to order the fish”?

And it seems I was right that I have no real reason to use tor.

okay, i’ll sum the article up for you. the more people that use tor, the more it protects vulnerable people. journalists writing exposés about corrupt governments, refugees trying to flee, etc. the more normal people using tor, the more they get lost in the crowd. it’s nothing to do with whether you have any reason to use tor, that’s irrelevant. by using it, you’re helping those in vulnerable positions. happy? now go write something inciteful

@NaoPb@beehaw.org
link
fedilink
English
11Y

deleted by creator

zeus ⁧ ⁧ ∽↯∼
link
fedilink
English
21Y

Are you really surprised I’m replying to you when you keep replying?

well yes, actually. i have time to sit down over breakfast, read a few articles, maybe reply to a few comments

you clearly live such a busy lifestyle you haven’t time to read an article before making an asinine comment

And yes, you are merely confirming my point. There is no use for me personally. I would only have to use it and endure slower internet so that others benefit. Still doesn’t change the fact that for me personally there is no advantage. You can argue all you want but that’s what it comes down to for most people.

well that’s a pretty fuckin stupid viewpoint in my opinion. “i’m not going to help protect the careers and possibly lives of people in authoritarian countries, because i’d have to install a programme and possibly even launch it a couple of times per month”. running folding@home did me no advantage, i still did it.

And if you keep replying I’ll keep replying. No need to be surprised about that.

don’t worry, i won’t be. i was being flippant because i thought you an idiot, but it turns out you’re willfully ignorant.

Sam
link
fedilink
17
edit-2
1Y

The reason is privacy, everybody has a reason to use it.

In theory yes, but practically speaking trying to access a lot of the modern web over TOR would be at best painfully slow and at worst almost impossible thanks to DDoS protection providers like cloudflare.

samwise
link
fedilink
211Y

This right here. A very large part of the web is inaccessible from TOR. Last I tried you couldn’t access social media, Google constantly forces you through captchas because it thinks you’re a bot, and anything on a CDN will either forces captchas or just doesn’t work. Financial institutions absolutely are all inaccessible.

Privacy is important, but most of the places you want to go with TOR to stay private won’t let you in because malicious actors want to use it for the same reasons.

Facebook has an official.onion domain and it’s the only way I access it, as it’s required for my employer.

First Majestic Comet
link
fedilink
English
11Y

Reddit also has a .onion as well. Funny considering their pride on Ban evasion detection they should outright block Tor.

While I agree with you, I’m wondering what the benefit is of watching youtube and posting/reading lemmy/mastodon through a tor network. Because those are the main things I do. While I do understand that in some countries and also in public wifi networks the chances of traffic being intercepted and man in the middle attacks are higher, I do not expect that to happen to my fibre connection in my western country.

Unless you browse Geocities sites from 1998, intercepting and MITMing is simply not an issue. Everything built nowadays uses https, which fully protects you against those.

First Majestic Comet
link
fedilink
English
21Y

Yeah people when they discuss Neworking and VPNs I’ve noticed are either illiterate to the existence of https or are deliberately not mentioning it for the purpose of misleading people in some way (in the case of VPN sponsorships it’s to get people to buy them).

@wxboss@lemmy.sdf.org
link
fedilink
6
edit-2
1Y

On the desktop, I use Whonix which does utilize the Tor Network. That being said, I rarely use the Tor browser outside of it.

  1. I don’t have a strong need to use TOR.
  2. It’s way too slow.

I heard of a guy who went to prison because he bought something from Allegro (Polish Amazon) over TOR. Someone used the same exit node for hacking, so they pinned it on him.

Mkengine
link
fedilink
21Y

I thought the point of Tor was the anonymity?

Your anonymity goes out the window when you log in to any service. Your privacy goes when you give them your shipping information.

“Czesc, I am Mister Anonymous. I would like to buy this Book. Please send it to Jan Pawel at this address, dziekuje.”

It provides anonymity in much the same sense as going into the bank while wearing a skimask does. Every form of anonymity service always puts you in close range to be grabbed by the authorities, as while your traffic might be anonymized, the fact that you are running the service is not.

What country? Sounds like a kangaroo court or a court staffed entirely by old people.

Poland.

He could’ve easily got it solved but he didn’t have money and the public defender just told him confessing was the best option.

It might be a legend, it’s just a thing that supposedly happened to someone in a community I participate in.

Thalestr
link
fedilink
421Y

court staffed entirely by old people

Isn’t that most courts?

Yeah, that ruling is ridiculous.

Actual legal risks and consequences don’t go away by applying wishful thinking.

deleted by creator

It’s great when you want to connect two devices behind NAT without relying on any specific third-party server or service. I ssh to my laptop from my phone with it when away from it.

It’s also useful to circumvent censorship, though it depends on the country. Also, websites employing wide-range IP blocks, in my experience, more often than not still allow Tor.

Lily33
link
fedilink
41Y

How does Tor help ssh behind NAT?

You run a Tor Hidden Service with sshd on one device. Knowing the .onion address, the correct port and having the corresponding private key on the other device (all of that not really subject to change), you can run the Tor daemon on it (for Android, you can use Termux) and connect with ssh, using torify nc %h %p as ProxyCommand.

@emberwit@feddit.de
link
fedilink
English
16
edit-2
1Y

It’s a web browser. Slower than others and some pages won’t work but other than that, it does just that.

…I mean, it’s more like the web browser makes it easy to use the Tor network. The network is the slow part. Your requests are getting ping-ponged all over the world intentionally taking the long way around.

First Majestic Comet
link
fedilink
English
11Y

I use it, it’s a bit slow and you sometimes get lots of captchas but overall I think it’s pretty good.

@ctr1@fl0w.cc
link
fedilink
English
51Y

It’s great for anything low bandwidth that isn’t tied to your identity, and helps for peace of mind, despite its issues. You do run into captcha or DDOS protection issues occasionally, but the new tor circuit for this site button sometimes works. Also it uses letterboxing to prevent resolution-based fingerprinting, which isn’t very pretty, but leaving it at its default size (or locking the size using the WM) works well and is good for privacy.

Skull giver
link
fedilink
4
edit-2
1Y

deleted by creator

interolivary
link
fedilink
91Y

On the other hand, there’s no way to track you. Useful for looking up medical info in a way that search engines and such can’t relate back to you. Often I’ll keep browsing in it once I’ve opened it because it’s just basically Firefox.

This is only true if you have the most “paranoid” security level selected, and at that point anything that relies on Javascript (or any of the other features that get blocked) will break. Enabling Javascript or the other blocked Web features will make it fairly trivial to track you especially the more you browse, so at that point you might as well just be using a regular VPN.

Tor itself isn’t the problem in this equation, it’s the browser, and they tend to leak information like a sieve

Skull giver
link
fedilink
9
edit-2
1Y

[This comment has been deleted by an automated system]

interolivary
link
fedilink
51Y

Sure, it all depends on how paranoid you are, my point was more that saying someone is untrackable if they use Tor has a lot of caveats.

For the average pleb it’s probably fine, if all they’re doing is just trying to dodge regular trackers and not the authorities

BigVault
link
fedilink
21Y

I use it to access any websites that I want to that Virgin Media block due to court orders issued by the UK high court.

Virgin Media

Damn. Looks like the UK is more restrictive than I’d thought.

I always have Tor installed and I often use it instead of incognito browser sessions when researching stuff. It’s sometimes slow and Cloudflare made it a lot more annoying to use than ~5-10 years ago, but I’m glad it exists.

I’m sure it’s still more useful to US interests though, or it wouldn’t be funded anymore.

@kent_eh@lemmy.ca
link
fedilink
English
131Y

Any time I’ve tried to use Tor in the past I gave up because it was frustratingly slow.

Those onion layers don’t add up to nothing… also I’ve heard it’s under constant attack. Plus not enough people running relays and exit nodes.

Light browsing is good

samwise
link
fedilink
251Y

There is no amount of money that you could pay me to run an exit node

On
link
fedilink
61Y

Hence the rumors that the feds and state actors do the most of it.

samwise
link
fedilink
41Y

And I absolutely believe it. If anyone can run an exit node, then there’s absolutely no way the NSA isn’t running one and sniffing all the traffic

If they don’t control most of the nodes in-between they can control all the exit nodes they want. If you connect though 3 Tor nodes, as soon as one of them is not controlled by them they likely can’t identify you.

That’s not to say that they don’t control most of the nodes, and your traffic likely goes through NSA nodes exclusively

The CIA, not the NSA. Tor is a great way for agents deployed abroad to phone home with plausible deniability: “I’m sorry Mr. Chinese Officer, I got homesick and really wanted to watch some BBW porn…”

I have a special hate for cloudflare in me I can’t describe

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 56 users / day
  • 167 users / week
  • 618 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog